Title :
Detecting Security Vulnerabilities with Software Architecture Analysis Tools
Author :
Karppinen, Kaarina ; Lindvall, Mikael ; Yonkwa, Lyly
Author_Institution :
VTT Tech. Res. Centre of Finland, Espoo
Abstract :
Hidden functionality in software is a big problem, because we cannot be sure that the software does not contain malicious code. We conducted an experiment where we studied the relationship between architecture constructs, dynamic behavior and security vulnerabilities. We also studied to what extent architecture analysis tools can assist in detecting security vulnerabilities that are caused by architecture violations. Using the tool, we were able to capture the dynamic pattern of a user breaking into the system using the back door. Based on the dynamic information in combination with the static information, we obtained a good picture of the "visual image" of the back door. Such "visual images" can be used to detect vulnerabilities and ultimately help to design software architectures that meet their security requirements.
Keywords :
security of data; software architecture; software tools; hidden functionality; security vulnerabilities detection; software architecture analysis tools; software architecture design; visual image; Best practices; Computer architecture; Documentation; Information security; Software architecture; Software engineering; Software maintenance; Software testing; Software tools; Visualization;
Conference_Title :
Software Testing Verification and Validation Workshop, 2008. ICSTW '08. IEEE International Conference on
Conference_Location :
Lillehammer
Print_ISBN :
978-0-7695-3388-9
DOI :
10.1109/ICSTW.2008.14